<?php
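// Start (or resume) the session before any output so the session cookie header can still be sent.
session_start();
// config.php is not visible here; it presumably provides $conn and the *PermissionLevel
// variables used further down (TODO confirm). require (instead of include) stops the request
// when the file is missing, rather than continuing with those variables undefined.
require 'config.php';
// Default page title; later code may replace it.
$Pagetitle='Overview';
// "?? ''" avoids an "Undefined array key" warning on every request that has no ?Logout parameter.
if(($_GET["Logout"] ?? '') === "1")
{
	// NOTE(review): logout is a state change triggered by a plain GET link, so another site can
	// sign a visitor out just by referencing this URL. Consider a POST form with a CSRF token.
	session_unset();
	// Expire the browser's session cookie as well, so the old session id is not presented again.
	// Skipped when output has already started, because the header could no longer be sent.
	if(ini_get('session.use_cookies') && !headers_sent())
	{
		$logoutCookie = session_get_cookie_params();
		setcookie(
			session_name(),
			'',
			time() - 42000,
			$logoutCookie['path'],
			$logoutCookie['domain'],
			$logoutCookie['secure'],
			$logoutCookie['httponly']
		);
	}
	session_destroy();
}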
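// Choose the text of the page <title> from the request parameters.
// Every parameter is read through "?? ''" so an absent key does not raise an
// "Undefined array key" warning (which can disclose file paths when errors are displayed).
$titleMod = $_GET["Mod"] ?? '';
$titleId = $_GET["ID"] ?? '';
$titleUser = $_GET["User"] ?? '';

// Fixed titles for the module pages, keyed by the Mod parameter.
$titleByMod = [
	"12" => 'Help',
	"11" => 'Rules and Impressum',
	"10" => 'Image List',
	"9" => 'User List',
	"8" => 'Log',
	"7" => 'Edit Images',
	"6" => 'Edit Story',
	"5" => 'Create Story',
	"4" => 'Create Page',
	"3" => 'Edit Links',
	"2" => 'Edit Image',
	"1" => 'Edit Page',
];
// is_string() rejects array-valued input (Mod[]=...), which cannot be used as an array key.
if(is_string($titleMod) && isset($titleByMod[$titleMod]))
{
	$Pagetitle = $titleByMod[$titleMod];
}

// A story page (no Mod, numeric ID): use the story's stored name as the title.
if($titleMod=="" && $titleId!="" && is_numeric($titleId))
{
	// The id is bound as an integer parameter, never concatenated into the SQL text.
	$titlePageId = (int) $titleId;
	$sql = "SELECT Name FROM stor WHERE RefID=?";
	$stmt = $conn->prepare($sql);
	$stmt->bind_param("i", $titlePageId);
	$stmt->execute();
	$result = $stmt->get_result();

	if($result->num_rows > 0)
	{
		// If several rows match, the last one wins (same as iterating over all rows).
		// Name comes from the database and may contain markup characters; it has to be
		// HTML-escaped at the point where $Pagetitle is printed.
		while($row = $result->fetch_assoc())
		{
			$Pagetitle=$row["Name"];
		}
	}
}

// A user page (no Mod, no ID, numeric User).
if($titleMod=="" && $titleId=="" && $titleUser!="" && is_numeric($titleUser))
{
	$Pagetitle="Userpage";
}

// $upload is not set anywhere in this file; presumably the including script sets it
// (TODO confirm). "?? ''" keeps the check quiet when it is absent.
if(($upload ?? '')=="1")
{
	$Pagetitle="Upload Image";
}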
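// Emit the document head and open the navigation container.
// $Pagetitle can hold a story name read from the database, i.e. text that users supplied.
// It is HTML-escaped here so a name containing "<", ">" or "&" cannot close the <title>
// element and inject markup or script into every visitor's page (stored XSS).
echo '<html lang="en">
<head><title>'.htmlspecialchars((string) $Pagetitle, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8').'</title> <link rel="icon" type="image/x-icon" href="favicon.png">
<style>
#skip-to-main a{
	position: absolute;
	left: -10000px;
	top: auto;
	width: 1px;
	height: 1px;
	overflow: hidden;
}

#skip-to-main a:focus{
	position: static;
	width: auto;
	height: auto;
}
</style>
</head><body><div id="nav" role="navigation"> <div id = "skip-to-main">
        <a href = "#main-content">Skip to main content</a>
    </div>';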

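// Login / registration handling, or the login form when nothing was submitted.
// Both submit buttons of the form are named "Go"; the value "Login" selects the login path,
// any other value is treated as a registration request.
// NOTE(review): there is no attempt limiting or lockout in this block, and the form carries
// no CSRF token; both are worth adding around this handler.
if(isset($_POST['Go']))
{
	$submitbutton= $_POST['Go'];
	// Accept credentials only as plain strings. An array-valued field would otherwise reach
	// bind_param() / password_verify() / password_hash(), and a missing field would raise an
	// "Undefined array key" warning.
	$formName = (isset($_POST['uName']) && is_string($_POST['uName'])) ? $_POST['uName'] : '';
	$formPass = (isset($_POST['uPass']) && is_string($_POST['uPass'])) ? $_POST['uPass'] : '';

	if($submitbutton=="Login")
	{
		if($formName!="" && !isset($_SESSION['Name']))
		{
			echo "Login attempted!";
			$sql = "SELECT Password, Level, ID FROM Users WHERE Name=?";
			$stmt = $conn->prepare($sql);
			$stmt->bind_param("s", $formName);
			$stmt->execute();
			$result = $stmt->get_result();

			// Placeholder that is not a valid password hash: if no row overwrites it,
			// password_verify() below can only fail.
			$PW=bin2hex(random_bytes(5));
			$tID=null;
			$tLevel=null;
			while($row = $result->fetch_assoc())
			{
				$PW=$row["Password"];
				$tID=$row["ID"];
				$tLevel=$row["Level"];
			}

			if($result->num_rows > 0 && password_verify($formPass, $PW))
			{
				// Issue a fresh session id at the privilege change so an id that was known
				// before login (session fixation) does not become an authenticated session.
				// This needs to send a cookie header; the page head has normally been echoed
				// by now, so it only works while that output is still buffered.
				// NOTE(review): move this whole handler above the first echo so the
				// regeneration always takes effect.
				if(!headers_sent())
				{
					session_regenerate_id(true);
				}
				echo "Set Session!";
				$_SESSION['Name'] = $formName;
				$_SESSION['ID'] = $tID;
				// NOTE(review): Level is copied into the session once, so a later change of
				// the user's level in the database is not seen until the next login.
				$_SESSION['Level'] = $tLevel;
			}
			else
			{
				// One message for "unknown name" and "wrong password": separate messages let
				// anyone test which account names exist. The unknown-name path still skips the
				// hash computation, so response time can differ; registration below also
				// confirms taken names, which is why attempt limiting matters for both.
				echo "Wrong Name or Password";
			}
		}
	}
	else
	{
		if($formName!="" && $formPass!="")
		{
			$sql = "SELECT Password, Level, ID FROM Users WHERE Name=?";
			$stmt = $conn->prepare($sql);
			$stmt->bind_param("s", $formName);
			$stmt->execute();
			$result = $stmt->get_result();
			if($result->num_rows > 0)
			{
				echo 'Error: Username allrdy taken!';
			}
			else
			{
				// NOTE(review): two simultaneous requests can both pass the check above; a
				// UNIQUE constraint on Users.Name is what actually prevents duplicate names
				// (the schema is not visible here - confirm).
				// New accounts always start at Level 0; the level is never taken from the request.
				$sql = "INSERT INTO Users (Name, Password, Level) VALUES (?, ?, '0')";
				$stmt = $conn->prepare($sql);
				$in1=$formName;
				// Only the password hash is stored; PASSWORD_DEFAULT lets PHP pick the algorithm.
				$in2=password_hash($formPass, PASSWORD_DEFAULT);
				$stmt->bind_param("ss", $in1, $in2);

				// Report success only when the row was really written.
				if($stmt->execute())
				{
					echo "Registered";
				}
				else
				{
					echo "Error: Registration failed";
				}
			}
		}
		else
		{
			echo "Error: No Username/Password set";
		}
	}
}
else if (!isset($_SESSION['Name']))
{
	// No form submitted and nobody signed in: show the combined login / register form.
	echo '<form action="index.php" method="post" title="login or register" enctype="multipart/form-data">
  Login:
  <input type="text" title="Name" name="uName" id="uName">
  <input type="password" title="Password" name="uPass" id="uPass">
  <input type="submit" title="Login" value="Login" name="Go">
  <input type="submit" title="Register" value="Register" name="Go">
  | <a href=index.php>Index</a>
</form></div>';

}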
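// Navigation bar for a signed-in visitor.
// NOTE(review): the checks below only decide which links are printed. They are not access
// control: the code that handles index.php?Mod=... and upload.php has to repeat the same
// owner / level checks on the server, otherwise typing the URL bypasses them. That code is
// not visible here - confirm.
if (isset($_SESSION['Name']))
{
	// Values that end up inside HTML are normalised first: ids are forced to integers and
	// the user name is entity-encoded.
	$navUserId = (int) $_SESSION['ID'];
	$navLevel = $_SESSION['Level'];

	echo "<center>Hi <a href=\"index.php?User=" . $navUserId . "\">" . htmlentities($_SESSION['Name']) . "</a>";
	echo " <a href=\"index.php?Logout=1\">(logout)</a>   | <a href=index.php>Index</a> ";

	// NOTE(review): the variable names look swapped relative to the links they guard
	// ($CreateStoryPermissionLevel shows "Create Page", $CreatePagePermissionLevel shows
	// "Create Story"). Left as found because config.php is not visible - confirm which
	// level is meant for which action.
	if($navLevel>=$CreateStoryPermissionLevel)
	{
		echo "| <a href=index.php?Mod=4>Create Page</a> ";
	}
	if($navLevel>=$CreatePagePermissionLevel)
	{
		echo "| <a href=index.php?Mod=5>Create Story</a> ";
	}
	if($navLevel>=$ImagePermissionLevel)
	{
		echo "| <a href=upload.php>Add Image</a> ";
	}

	// Page-specific edit links, only when a numeric page id was requested.
	// "?? ''" avoids an "Undefined array key" warning when ?ID is absent.
	$navPageRaw = $_GET["ID"] ?? '';
	if($navPageRaw!="" && is_numeric($navPageRaw))
	{
		// is_numeric() also accepts forms such as "1e3" or " 7"; casting once gives a plain
		// integer that is used for both the query and every link that is printed.
		$navPageId = (int) $navPageRaw;
		$sql = "SELECT Owner, Open, OpenAddLinks, OpenRemoveLinks, OpenImage FROM stor WHERE RefID=?";
		$stmt = $conn->prepare($sql);
		$stmt->bind_param("i", $navPageId);
		$stmt->execute();
		$result = $stmt->get_result();

		if($result->num_rows > 0)
		{
			echo "| Page ID: " . $navPageId;
			while($row = $result->fetch_assoc())
			{
				$navIsOwner = ($row["Owner"]== $_SESSION['ID']);
				$navIsMod = ($navLevel>=$ModPermissionLevel);
				// One entry per edit action: target module, link label, and whether the page
				// is flagged as open to everyone for that action.
				$navEditLinks = [
					[1, 'Edit Page', $row["Open"]=="1"],
					[3, 'Edit Links', ($row["OpenAddLinks"]=="1" || $row["OpenRemoveLinks"]=="1")],
					[2, 'Edit Image', $row["OpenImage"]=="1"],
				];
				foreach($navEditLinks as $navEditLink)
				{
					if($navEditLink[2] || $navIsOwner)
					{
						echo " | <a href=index.php?Mod=".$navEditLink[0]."&ID=".$navPageId.">".$navEditLink[1]."</a>";
					}
					else if($navIsMod)
					{
						// Neither open nor owned: moderators still get a link, marked "MOD".
						echo " | <a href=index.php?Mod=".$navEditLink[0]."&ID=".$navPageId.">MOD ".$navEditLink[1]."</a>";
					}
				}
			}
		}
	}

	if($navLevel>=$ImageEditPermissionLevel)
	{
		// Only the existence of a not-yet-unlocked image matters, so one row is enough.
		$sql = "SELECT Link FROM Images WHERE Unlocked=0 LIMIT 1";
		$stmt = $conn->prepare($sql);
		$stmt->execute();
		$result = $stmt->get_result();
		if($result->num_rows > 0)
		{
			echo " | <a href=index.php?Mod=7>Images waiting for approval</a>";
		}
		else
		{
			echo " | <a href=index.php?Mod=7>Edit Images</a>";
		}
	}
	if($navLevel>=$LogPermissionLevel)
	{
		echo " | <a href=index.php?Mod=8>View Log</a>";
	}
	if($navLevel>=$UserSettingPermissionLevel)
	{
		echo " | <a href=index.php?Mod=9>List Users</a>";
	}
	echo "</center></div>";
}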



?>
